Open Enclave v0.17.6 Release


Rob Sanchez
 

Hi all,
Open Enclave version 0.17.6 is released and can be found at:
Release v0.17.6 * openenclave/openenclave (github.com)<https://github.com/openenclave/openenclave/releases/tag/v0.17.6>
The Ubuntu 18.04/20.04 packages has been published to the production packages.microsoft.com APT repository.
The Windows Server 2019 package is available on nuget.org: NuGet Gallery | open-enclave 0.17.6<https://www.nuget.org/packages/open-enclave/>
Thank you so much to everyone in helping us drive and deliver this release! Please use our GitHub repo (openenclave/openenclave: SDK for developing enclaves (github.com)<https://github.com/openenclave/openenclave>) to report any issues that you may come across in your use of the SDK!
Thanks,
Rob

Release Notes:
Added

* Added support FIPS-enabled OpenSSL based on SymCrypt<https://github.com/Microsoft/SymCrypt>.
* Add a new library oesymcryptengine, which is a customized build of SymCrypt OpenSSL engine<https://github.com/Microsoft/SymCrypt-OpenSSL>.
* To use FIPS-enabled OpenSSL with SymCrypt, users need to link their enclave against
both oesymcryptengine and libsymcrypt.so (part of SymCrypt<https://github.com/Microsoft/SymCrypt> release packages) in addition to OpenSSL libraries, and include entropy.edl in the edl file. Note that libsymcrypt.so needs to be placed under the same directory with the enclave binary.
* See the attested_tls sample<https://github.com/openenclave/openenclave/blob/v0.17.6/samples/attested_tls#build-and-run> for an example of building enclaves with FIPS-enabled OpenSSL based on SymCrypt (set OE_CRYPTO_LIB to openssl_symcrypt_fips).
* Added support for POSIX mmap and munmap.
* Enabled MUSL conf functions.
* Added callback option to capture and modify enclave logs.

Security

* Update mbedTLS to version 2.16.12. Refer to the 2.16.12<https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.12> release notes for the set of issues addressed.
* Note: 2.16 LTS is at End Of Life. mbedTLS libs included with the Open Enclave SDK will move to use the 2.28 LTS branch in the next release. 2.28.0 has certain breaking changes. To understand how these changes will impact your application, please refer to the release notes for 2.28.0<https://github.com/ARMmbed/mbedtls/releases/tag/v2.28.0>.

Join oesdk@lists.confidentialcomputing.io to automatically receive all group messages.